USN-5214-1

Source
https://ubuntu.com/security/notices/USN-5214-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5214-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-5214-1
Related
Published
2022-06-09T09:14:15.350841Z
Modified
2022-06-09T09:14:15.350841Z
Summary
cacti vulnerabilities
Details

It was discovered that Cacti was incorrectly validating permissions for user accounts that had been recently disabled. An authenticated attacker could possibly use this to obtain unauthorized access to application and system data. (CVE-2020-13230)

It was discovered that Cacti was incorrectly performing authorization checks in auth_profile.php. A remote unauthenticated attacker could use this to perform a CSRF attack and set a new admin email or make other changes. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-13231)

It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the color.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14295)

It was discovered that Cacti did not properly escape file input fields when performing template import operations for various themes. An authenticated attacker could use this to perform XSS attacks. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-14424)

It was discovered that Cacti incorrectly handled user provided input sent through request parameters to the data_debug.php script. A remote authenticated attacker could use this issue to perform SQL injection attacks. This issue only affected Ubuntu 20.04 ESM. (CVE-2020-35701)

References

Affected packages

Ubuntu:Pro:16.04:LTS / cacti

Package

Name
cacti
Purl
pkg:deb/ubuntu/cacti?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.8f+ds1-4ubuntu4.16.04.2+esm1

Affected versions

0.*

0.8.8f+ds1-2
0.8.8f+ds1-3
0.8.8f+ds1-4
0.8.8f+ds1-4ubuntu1
0.8.8f+ds1-4ubuntu2
0.8.8f+ds1-4ubuntu3
0.8.8f+ds1-4ubuntu4
0.8.8f+ds1-4ubuntu4.16.04
0.8.8f+ds1-4ubuntu4.16.04.1
0.8.8f+ds1-4ubuntu4.16.04.2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.8.8f+ds1-4ubuntu4.16.04.2+esm1",
            "binary_name": "cacti"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / cacti

Package

Name
cacti
Purl
pkg:deb/ubuntu/cacti?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.38+ds1-1ubuntu0.1~esm1

Affected versions

1.*

1.1.18+ds1-1
1.1.27+ds1-2
1.1.27+ds1-3
1.1.28+ds1-2
1.1.35+ds1-1
1.1.36+ds1-1
1.1.38+ds1-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.1.38+ds1-1ubuntu0.1~esm1",
            "binary_name": "cacti"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / cacti

Package

Name
cacti
Purl
pkg:deb/ubuntu/cacti?arch=src?distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.10+ds1-1ubuntu1+esm1

Affected versions

1.*

1.2.4+ds1-2ubuntu3
1.2.9+ds1-1ubuntu1
1.2.9+ds1-1ubuntu2
1.2.10+ds1-1ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.2.10+ds1-1ubuntu1+esm1",
            "binary_name": "cacti"
        }
    ]
}